Bugtraq mailing list archives
Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
From: Rich Pieri <ratinox () mit edu>
Date: Thu, 27 Aug 2015 11:03:34 -0400
On 8/26/15 8:09 PM, vozzie () gmail com wrote:
Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary".
UAC is not a security boundary. It's purpose is to annoy users in order to force vendors to fix their bad code: http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/ -- Rich Pieri <ratinox () mit edu> MIT Laboratory for Nuclear Science
Current thread:
- UAC Bypass Vulnerability on "Windows 7" in Windows Script Host vozzie (Aug 27)
- Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host Rich Pieri (Aug 27)
- <Possible follow-ups>
- Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host kev . r (Aug 31)